package cn.me.sso.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * security配置
 *
 * @author zchcpywin10
 * //@Order(1)
 */
@Configuration
@EnableWebSecurity
public class SsoSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      //
      .authorizeRequests()
      //
      .antMatchers("/login", "/oauth/authorize", "/oauth/token").permitAll()
      //
      .anyRequest().authenticated()
      //
      .and().formLogin()
      // 设置登录页地址，并设置处理登录请求的路径
      .loginPage("/login").loginProcessingUrl("/Login")
      //                .and()
      //                    .logout()
      //                        .logoutUrl("/logout")
      //                        .invalidateHttpSession(true)
      //                        .deleteCookies("JSESSIONID")
      //                        .logoutSuccessUrl("/asynLogout")
      //                        .permitAll()
      //                .and()
      //                    .httpBasic()
      .and().csrf().disable();
  }
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    //配置基于内存的登录用户
    auth.inMemoryAuthentication()
      //
      .passwordEncoder(passwordEncoder())
      //
      .withUser("user")
      //
      .password(passwordEncoder().encode("123456"))
      //
      .roles("USER", "ADMIN");
  }
  @Override
  public void configure(WebSecurity web) {
    web.ignoring()
      //
      .antMatchers("/js/**", "/css/**", "/static/**", "/images/**", "/**/favicon.ico");
  }
  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }
  /**
   * 认证管理
   *
   * @return 认证管理对象
   * @throws Exception 认证异常信息
   *                   // @Bean 重点是这行，父类并没有将它注册为一个 Bean
   */
  @Override
  @Bean
  public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
  }
}
